A working document published by the EU Council on 2 October 2026 compiles Member States' positions on the European Parliament's amendments to a proposed regulation aimed at harmonising cross-border enforcement of the General Data Protection Regulation (GDPR). The document reveals significant concerns among delegations, who object to provisions that would interfere with national procedural laws, create administrative burdens, or alter the balance of rights between complainants and investigated parties.
The document, prepared under the Hungarian Presidency, is an internal assessment to guide further negotiations. The proposed regulation seeks to establish additional procedural rules for GDPR enforcement, addressing issues such as complaint handling, cooperation between lead and concerned supervisory authorities, and the rights of parties under investigation.
Key Member State Concerns
Several delegations have raised red lines on specific provisions. Some object to mandatory complaint forms and translation requirements, arguing these would impose undue administrative burdens on both data protection authorities and complainants. Others caution against provisions that could complicate cooperation for simple cases, potentially slowing down enforcement. A number of Member States also push back on amendments that would alter the balance of rights between complainants and investigated parties, fearing this could undermine procedural fairness.
Policy Trade-offs
The debate reflects a tension between harmonisation and national procedural autonomy. On one hand, uniform rules could streamline cross-border enforcement, benefiting businesses operating across the EU by reducing regulatory fragmentation. On the other hand, Member States argue that excessive harmonisation could disrupt well-functioning national procedures and increase costs for data protection authorities and companies. The proposed mandatory complaint forms, for instance, could simplify the process for complainants but may also impose additional compliance costs on businesses.
Impact on Stakeholders
- EU data protection authorities: Would face new procedural requirements, potentially increasing administrative workload, but could benefit from clearer cooperation rules.
- EU businesses: Could see more predictable enforcement across borders, but may face higher compliance costs if mandatory forms and translation requirements are adopted.
- EU citizens (complainants): Might benefit from simplified complaint procedures, but could face delays if cooperation becomes more complex.
- National governments: Must balance the desire for harmonisation with protecting their procedural autonomy and avoiding additional burdens on their authorities.
Next Steps
The Council will continue to discuss the Parliament's amendments, aiming to reach a common position before entering trilogue negotiations with the European Parliament and the European Commission. The working document indicates that significant differences remain, suggesting that further compromise will be needed to finalise the regulation.